[Pkg-openssl-devel] Bug#555829: openssl: CVE-2009-3555: SSL/TLS renegotiation MITM vulnerability

Enrique D. Bosch presidev at googlemail.com
Wed Nov 11 22:16:19 UTC 2009


Subject: CVE-2009-3555: SSL/TLS renegotiation MITM vulnerability
Package: openssl
Version: 0.9.8g-15+lenny5
Severity: grave

*** Please type your report below this line ***

This is an SSL/TLS protocol vulnerability not specific to openssl.

Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and
previous) is subject to a number of serious man-in-the-middle (MITM) attacks
related to renegotiation.  In general, these problems allow an MITM to
inject an arbitrary amount of chosen plaintext into the beginning of the
application protocol stream, leading to a variety of abuse possibilities.

In particular, practical attacks exist against HTTPS and could affect other
protocols that use SSL/TLS.

Openssl by default accepts renegotiations and there is no option to disable 
this. Mainstream openssl 0.9.8l adds this option.

A new RFC draft has been created to address this problem at protocol level so
it's expected further versions of openssl will adopt it.

Possible solutions:
sid: upgrade to openssl 0.9.8l
stable/oldstable: backport a patch from openssl 0.9.8l to stable/oldstable
versions.

-- System Information:
Debian Release: squeeze/sid
   APT prefers unstable
   APT policy: (990, 'unstable'), (500, 'stable')
Architecture: armel (armv5tejl)

Kernel: Linux 2.6.16.16-arm1
Locale: LANG=es_ES, LC_CTYPE=es_ES (charmap=ISO-8859-1) (ignored: LC_ALL set to es_ES)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssl depends on:
hi  libc6                  2.7-18            GNU C Library: Shared libraries
ii  libssl0.9.8            0.9.8g-15+lenny5  SSL shared libraries
ii  zlib1g                 1:1.2.3.3.dfsg-13 compression library - runtime

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates               20081127   Common CA certificates

-- no debconf information
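
Added example (not part of the original report, and not Debian or OpenSSL project code): a check of whether a package's upstream OpenSSL version predates 0.9.8l, the release the report says adds the option to disable renegotiation. The function names and the sample version "0.9.8l-1" are assumptions made for illustration. Because the report proposes backporting the patch to stable/oldstable, a "predates" result only means the package changelog has to be checked for a backport.

```python
import re

# Upstream release that, per the report, adds the option to disable renegotiation.
FIXED_UPSTREAM = "0.9.8l"

# Old OpenSSL scheme: major.minor.fix plus an optional patch letter, e.g. 0.9.8g
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def upstream_part(debian_version):
    """Drop an optional epoch and the Debian revision: '0.9.8g-15+lenny5' -> '0.9.8g'."""
    version = debian_version.split(":", 1)[-1]
    return version.rsplit("-", 1)[0] if "-" in version else version


def parse_openssl(version):
    """Turn '0.9.8g' into a sortable tuple (0, 9, 8, 'g'); no letter sorts first."""
    match = _VERSION_RE.match(version)
    if match is None:
        raise ValueError("unrecognised OpenSSL version: %r" % version)
    major, minor, fix, patch = match.groups()
    return (int(major), int(minor), int(fix), patch)


def predates_fix(debian_version, fixed=FIXED_UPSTREAM):
    """True when the upstream part of the package version is older than `fixed`."""
    return parse_openssl(upstream_part(debian_version)) < parse_openssl(fixed)


def assess(debian_version):
    """Return a short triage line for one package version."""
    if predates_fix(debian_version):
        return ("%s: upstream predates %s; check the package changelog for a "
                "backported CVE-2009-3555 patch" % (debian_version, FIXED_UPSTREAM))
    return "%s: upstream is %s or later" % (debian_version, FIXED_UPSTREAM)


if __name__ == "__main__":
    # First value is the version from the report; the second is constructed.
    for sample in ("0.9.8g-15+lenny5", "0.9.8l-1"):
        print(assess(sample))
```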